Command: CK (Generate KCV). Can be used in online, offline or secure state.
Function: To generate a key check value (KCV) for a key encrypted under a specified LMK pair.
This command uses the Generate permission flag from the Key Type Table in order to generate a Key check value for a given Key Type.
Inputs: Encrypted key (under the relevant LMK pair):
· Single-length key: 16 hexadecimal characters.
· Double-length key: 32 hex characters or 1 alpha + 32 hex characters.
· Triple-length key: 1 alpha + 48 hex
Key-Type: a code indicating the type of key that is to be input, 3 decimal digits. See Key Type Table.
Outputs: The check value: 16 hexadecimal characters, if restrict KCV is enabled in the CS command the output will be restricted to the 6 most significant digits with padding zeros for the remainder.
Errors: Data invalid; please re-enter: - incorrect number of characters.
Key parity error; re-enter key: - the entered key does not have odd parity on each byte. Re-enter the complete line (key and Key-Type code) and check for typographic errors.
Invalid key type; re-enter: - the key type is invalid. See Key Type Table:
Internal failure 12: function aborted - the contents of LMK storage have been corrupted or erased. Do not continue. Inform the Security Department.
Example:
Online> CK <Return>
Enter key type code: NNN <Return>
Enter key length flag [S/D/T]: S <Return>
or
D <Return>
or
T <Return>
Enter encrypted key: XXXX XXXX XXXX XXXX <Return>
or
YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY <Return>
or
T YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY YYYY
(as applicable)
Key check value: ZZZZ ZZZZ ZZZZ ZZZZ